Passwords and Security

Passwords: good practice

A good password can be your strongest defence, and to protect yourself and the information on your computer or device, you should use strong passwords. A strong password is one which is difficult to guess or work out, and it can present a significant hurdle for those trying to access your online devices, files and networks.

How to make a strong password

When coming up with your strong password, take a look at our 'How to help yourself' page and consider this advice:

A strong password has the following characteristics:

It's not a single common or recognisable word, like 'Daffodil', 'garden' or 'password', or a common coupling of words like 'breadandbutter' or 'openclosed'. It can, however, be a series of common but unrelated words (see the 'How to help yourself' page).

It should be at least 8 characters (for even more 'strength' go for one which is 16 characters): the longer it is, the harder it will be to guess or 'crack', but make sure it's something you're going to remember! If you're struggling, you could double your original idea for a password by reversing it and sticking it on the end to increase the length.

Don't use your user name, real name, or company name: these are the first things people who are trying to access your account will try, along with things they might have gleaned from any social networking or personal web pages you may have!

If you travel a lot and are likely to need to access your account from outside of the UK, make sure that your password contains characters that you're going to find on non-UK keyboards.

If you use a short password, consider changing it on a regular basis.

Avoid the following:

Common words: hackers have software which can rapidly check dictionaries and identify common words. Don't rely on just adding numbers to the beginning or end of common words, as these are easy to crack.

Anything which could be guessed from a quick read of your Facebook page: your football team, your birthday, the town you live in, your partner's name.

Having the same password for everything: if you have the same password to access your email account, bank account and a couple of retail sites, a hacker only has to get hold of it once to wreak havoc and spend a lot of your money!

A hacker with your password can do all the things you do: access your bank, alter personal and/or sensitive information, purchase things and access your friends and online networks, so it's not just you you're protecting!

Set your own security questions in case you forget

In case you forget your password, CIS provides a handy self-reset tool. All you need to do is set your own security questions (the answers to which only you will know) and your preferred method of contact, and you'll be able to reset your password without having to contact the IT Service Desk.

Take a look at our 'How to help yourself' page for some examples of strong passwords and techniques for creating memorable ones.